Comments on: HD Moore’s Company BreakingPoint Suffers DNS Attack http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/ Ethical Hacking, Penetration Testing & Computer Security Sun, 08 Nov 2009 07:15:43 +0000 http://wordpress.org/?v=2.8.5 hourly 1 By: Morgan Storey http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/#comment-124521 Morgan Storey Thu, 14 Aug 2008 05:21:16 +0000 http://www.darknet.org.uk/?p=962#comment-124521 so I am the first to admit I have gaps in my knowledge. Never heard of DNSSEC, now I that have listened to the Blackhat talk I have heard about it. I had a quick look at wikipedia and the official site and it is interesting. Of course windows servers only support it as a secondary, also the glaring-hole of non NSEC3 servers allowing enumeration of sites is just plain silly. Seriously just hash The users request domain "Not Found" and add it to the RFC, done. I think it should include the option for encrypting replies, may as well, could be useful for higher secure organisations. so I am the first to admit I have gaps in my knowledge.
Never heard of DNSSEC, now I that have listened to the Blackhat talk I have heard about it. I had a quick look at wikipedia and the official site and it is interesting. Of course windows servers only support it as a secondary, also the glaring-hole of non NSEC3 servers allowing enumeration of sites is just plain silly. Seriously just hash The users request domain “Not Found” and add it to the RFC, done.
I think it should include the option for encrypting replies, may as well, could be useful for higher secure organisations.

]]> By: Morgan Storey http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/#comment-124517 Morgan Storey Thu, 14 Aug 2008 02:34:16 +0000 http://www.darknet.org.uk/?p=962#comment-124517 @Brill: Yeah NAT negates the patch in most parts as the NAT doesn't randomise the port. Dan even said the patch doesn't 100% fix it, just makes it harder to guess the next port. So it was only a matter of time before someone "brute forced" the port. Scary that they did it this fast, but really they did it over Gige in 10 hours. So most DNS servers that are doing resolves for clients, are probably not even on 20mbs of bandwidth, and latency 10+ times that of ethernet. So you could say it would take 10+ times longer to do this over the internet, so 100hours. Someone will hopefully notice at around hour 20... I blogged about this, I think we need to have signed or ssl DNS forwarding and root servers, it wouldn't be that hard to implement. @Brill: Yeah NAT negates the patch in most parts as the NAT doesn’t randomise the port. Dan even said the patch doesn’t 100% fix it, just makes it harder to guess the next port. So it was only a matter of time before someone “brute forced” the port. Scary that they did it this fast, but really they did it over Gige in 10 hours. So most DNS servers that are doing resolves for clients, are probably not even on 20mbs of bandwidth, and latency 10+ times that of ethernet. So you could say it would take 10+ times longer to do this over the internet, so 100hours. Someone will hopefully notice at around hour 20…
I blogged about this, I think we need to have signed or ssl DNS forwarding and root servers, it wouldn’t be that hard to implement.

]]> By: Brill http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/#comment-124476 Brill Tue, 12 Aug 2008 22:06:51 +0000 http://www.darknet.org.uk/?p=962#comment-124476 Here you have some recent news!! it seems that the patch for this security hole doesn't solve the vulnerability!!.... there have been some sucessfull test on servers already patched and not with just a proof o concept but with a whole functional exploit. Here the overall comment from NY Times http://www.nytimes.com/2008/08/09/technology/09flaw.html And here the original comment in the post of the Russian physicist who discover it. http://tservice.net.ru/~s0mbre/blog/devel/networking/dns/2008_08_08.html Here you have some recent news!! it seems that the patch for this security hole doesn’t solve the vulnerability!!…. there have been some sucessfull test on servers already patched and not with just a proof o concept but with a whole functional exploit.
Here the overall comment from NY Times
http://www.nytimes.com/2008/08/09/technology/09flaw.html
And here the original comment in the post of the Russian physicist who discover it.
http://tservice.net.ru/~s0mbre/blog/devel/networking/dns/2008_08_08.html

]]> By: Brill http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/#comment-124475 Brill Tue, 12 Aug 2008 22:03:53 +0000 http://www.darknet.org.uk/?p=962#comment-124475 @Morgan, Thanks for the link!!... Linking it with the presentation it will be the nearest I will have to be at any Black Hat presentation. I will try to save some time to hear it with calm... This one received a lot of publicity but, Does anyone of the lucky guys that could attend recomend any other presentation? @Morgan, Thanks for the link!!… Linking it with the presentation it will be the nearest I will have to be at any Black Hat presentation.

I will try to save some time to hear it with calm…

This one received a lot of publicity but, Does anyone of the lucky guys that could attend recomend any other presentation?

]]> By: lyz http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/#comment-124468 lyz Tue, 12 Aug 2008 15:49:20 +0000 http://www.darknet.org.uk/?p=962#comment-124468 weehee.. This post is just in time for my re-echo of the Hackacon 2008 event I've attended here in our country. weehee.. This post is just in time for my re-echo of the Hackacon 2008 event I’ve attended here in our country.

]]> By: Darknet http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/#comment-124421 Darknet Sat, 09 Aug 2008 08:51:41 +0000 http://www.darknet.org.uk/?p=962#comment-124421 Just relax, nothing disappears, posting the same thing 10 times then I have to go through each one and see which ones are the same and which ones are different and which one I should post and which I should delete - now that's annoying. Everything will get through, just wait I'm on holiday. Just relax, nothing disappears, posting the same thing 10 times then I have to go through each one and see which ones are the same and which ones are different and which one I should post and which I should delete – now that’s annoying. Everything will get through, just wait I’m on holiday.

]]> By: Morgan Storey http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/#comment-124387 Morgan Storey Thu, 07 Aug 2008 11:30:05 +0000 http://www.darknet.org.uk/?p=962#comment-124387 @Brill: yeah I found a link to the MP3, I just downloaded it from here http://blackhat.com/html/webinars/kaminsky-DNS.html It is pretty long, I'll listen to it at lunch tomorrow. I should have listened to the webcast live. @Brill: yeah I found a link to the MP3, I just downloaded it from here http://blackhat.com/html/webinars/kaminsky-DNS.html

It is pretty long, I’ll listen to it at lunch tomorrow. I should have listened to the webcast live.

]]> By: Brill http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/#comment-124385 Brill Thu, 07 Aug 2008 08:42:41 +0000 http://www.darknet.org.uk/?p=962#comment-124385 Today was the lecture of Dan Kaminsky at Black Hat, altough his presentation is not available yet at Black Hat site, you can find it in Dan's site http://www.doxpara.com/DMK_BO2K8.ppt Has anyone attended who can provide some feedback?. Today was the lecture of Dan Kaminsky at Black Hat, altough his presentation is not available yet at Black Hat site, you can find it in Dan’s site http://www.doxpara.com/DMK_BO2K8.ppt
Has anyone attended who can provide some feedback?.

]]> By: zupakomputer http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/#comment-124376 zupakomputer Wed, 06 Aug 2008 17:44:24 +0000 http://www.darknet.org.uk/?p=962#comment-124376 I may have a dewy-eyed view of Malaysia but it must be hard picking a better holiday destination when you're in a tropical paradise already! Iceland perhaps, something a bit different.....or it works out better cause you don't have to travel at all, just holiday in the same country. This DNS thing - what if you tried to complain to your ISP that their caching was poisoned, but their own website was redirecting to a fake ad site too...... I may have a dewy-eyed view of Malaysia but it must be hard picking a better holiday destination when you’re in a tropical paradise already! Iceland perhaps, something a bit different…..or it works out better cause you don’t have to travel at all, just holiday in the same country.

This DNS thing – what if you tried to complain to your ISP that their caching was poisoned, but their own website was redirecting to a fake ad site too……

]]> By: CG http://www.darknet.org.uk/2008/08/hd-moores-company-breakingpoint-suffers-dns-attack/#comment-124375 CG Wed, 06 Aug 2008 15:47:46 +0000 http://www.darknet.org.uk/?p=962#comment-124375 old news and over hyped "It seems more of a problem with the ISP than BreakingPoint itself" ...tisk tisk for your post title old news and over hyped

“It seems more of a problem with the ISP than BreakingPoint itself”

…tisk tisk for your post title

]]>